CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 1CVE-2024-26144 – Possible Sensitive Session Information Leak in Active Storage
https://notcve.org/view.php?id=CVE-2024-26144
Starting with version 5.2.0, there is a possible sensitive session information leak in Active Storage. ... Certain proxies may cache the Set-Cookie, leading to an information leak. • https://github.com/gmo-ierae/CVE-2024-26144-test https://discuss.rubyonrails.org/t/possible-sensitive-session-information-leak-in-active-storage/84945 https://github.com/rails/rails/commit/723f54566023e91060a67b03353e7c03e7436433 https://github.com/rails/rails/commit/78fe149509fac5b05e54187aaaef216fbb5fd0d3 https://github.com/rails/rails/security/advisories/GHSA-8h22-8cf7-hq6g https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activestorage/CVE-2024-26144.yml https://security.netapp.com/advisory/ntap&# • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-0680 – WP Private Content Plus <= 3.6 - Protection Mechanism Bypass
https://notcve.org/view.php?id=CVE-2024-0680
The WP Private Content Plus plugin for WordPress is vulnerable to information disclosure in all versions up to, and including, 3.6. • https://wordpress.org/plugins/wp-private-content-plus https://www.wordfence.com/threat-intel/vulnerabilities/id/43d8904f-3bc9-4c67-b44b-8d78762b6b30?source=cve • CWE-693: Protection Mechanism Failure •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-0681 – Page Restriction WordPress (WP) – Protect WP Pages/Post <= 1.3.4 - Protection Mechanism Bypass
https://notcve.org/view.php?id=CVE-2024-0681
The Page Restriction WordPress (WP) – Protect WP Pages/Post plugin for WordPress is vulnerable to information disclosure in all versions up to, and including, 1.3.4. • https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3034414%40page-and-post-restriction&new=3034414%40page-and-post-restriction&sfp_email=&sfph_mail= https://www.wordfence.com/threat-intel/vulnerabilities/id/a3e33a5c-df7c-4ef5-a59c-1c31abcda6d1?source=cve • CWE-693: Protection Mechanism Failure •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-0682 – Page Restrict <= 2.5.5 - Protection Mechanism Bypass
https://notcve.org/view.php?id=CVE-2024-0682
The Page Restrict plugin for WordPress is vulnerable to information disclosure in all versions up to, and including, 2.5.5. • https://wordpress.org/plugins/pagerestrict https://www.wordfence.com/threat-intel/vulnerabilities/id/63f98fd6-eee8-4281-98ea-a267d0442c85?source=cve • CWE-693: Protection Mechanism Failure •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2021-46906 – HID: usbhid: fix info leak in hid_submit_ctrl
https://notcve.org/view.php?id=CVE-2021-46906
In the Linux kernel, the following vulnerability has been resolved: HID: usbhid: fix info leak in hid_submit_ctrl In hid_submit_ctrl(), the way of calculating the report length doesn't take into account that report->size can be zero. ... When this urb is passed to the usb core layer, KMSAN reports an info leak of 16384 bytes. To fix this, first modify hid_report_len() to account for the zero report size case by using DIV_ROUND_UP for the division. • https://git.kernel.org/stable/c/c5d3c142f2d57d40c55e65d5622d319125a45366 https://git.kernel.org/stable/c/41b1e71a2c57366b08dcca1a28b0d45ca69429ce https://git.kernel.org/stable/c/8c064eece9a51856f3f275104520c7e3017fc5c0 https://git.kernel.org/stable/c/0e280502be1b003c3483ae03fc60dea554fcfa82 https://git.kernel.org/stable/c/7f5a4b24cdbd7372770a02f23e347d7d9a9ac8f1 https://git.kernel.org/stable/c/b1e3596416d74ce95cc0b7b38472329a3818f8a9 https://git.kernel.org/stable/c/21883bff0fd854e07429a773ff18f1e9658f50e8 https://git.kernel.org/stable/c/6be388f4a35d2ce5ef7dbf635a8964a5d • CWE-668: Exposure of Resource to Wrong Sphere •